From ConShell

Network Security Assessment is a wide field and can be broken down into various components. This page will show some of the tools and resources related to NSA. It is a work-in-progess.

Discovery

Passive

Passive discovery tools allow you to gather information about a network subnet or host without detection

• Google Advanced Search - try site: and inurl: options for a start
  • TODO: add links to google hacking info
• Netcraft's Whats that site running?
• Netcraft's SearchDNS
• whois - query Domain registries & registrars, ARIN (whois.arin.net), RIPE (whois.ripe.net), APNIC (whois.apnic.net)
• p0f - versatile passive OS fingerprinting tool
• dnstop - shows DNS traffic on your network
• arpwatch - stealth monitoring of ARP pairings

Active

Active tools leave a mark, whether it be in the logfiles of the scanned host, triggers a intrustion detection system (HIDS/NIDS) and so on.

• nmap - free open source utility for network exploration or security auditing
• dig - swiss-army knife of DNS query tools, part of the BIND suite
• Nessus - free/commercial vulnerability scanner with wide-range of plugins
• nmblookup - NetBIOS over TCP/IP client used to lookup NetBIOS names